freyjagp/gdb.lgbtqi.app
1
0
Fork 0
forked from github.com/GenderDysphoria.fyi
Code Actions Packages Releases Activity

test ci

Browse Source
This commit is contained in:
Freyja Odinthrir
2024-02-08 13:58:52 -08:00
parent babb807a91
commit 4e8f3bc5f4
13 changed files with 278 additions and 220 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
.docker/.conf/nginx/conf.d/http/main.conf Normal file
View File

@@ -0,0 +1,8 @@
server {
listen 80;
location / {
root /var/www/build;
autoindex off;
try_files $uri $uri/ =404;
}
}

69
.docker/.conf/nginx/nginx.conf Normal file
View File

@@ -0,0 +1,69 @@
worker_processes 4;
pid /run/nginx.pid;
error_log /dev/stderr info;
events {
worker_connections 1024;
multi_accept off;
}
http {
## asynchronous input/output policy.
tcp_nopush on;
sendfile on;
## Security policy
ssl_protocols TLSv1.3 TLSv1.2;
ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA HIGH !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS";
server_tokens off; # disable server version response header.
add_header X-Content-Type-Options nosniff; # Disable sniffing
add_header X-Frame-Options SAMEORIGIN always; # Prevent clickjacking.
add_header "X-XSS-Protection" "1; mode=block"; # Prevent cross-site-scripting
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; # Force HSTS, prevent mitm attack between 301 redirect for http, and https server.
## Log file policy.
log_format logformat '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /dev/stdout logformat;
## Temp file policy.
client_body_temp_path /tmp/client_temp;
fastcgi_temp_path /tmp/fastcgi_temp;
uwsgi_temp_path /tmp/uwsgi_temp;
proxy_temp_path /tmp/proxy_temp;
scgi_temp_path /tmp/scgi_temp;
## Buffer Policy.
client_body_buffer_size 1K;
client_header_buffer_size 1k;
client_max_body_size 1k;
large_client_header_buffers 2 1k;
## Client timeout policy
client_body_timeout 10;
client_header_timeout 10;
keepalive_timeout 5 5;
send_timeout 10;
## Default mime type.
include snippets/mime-types.conf;
default_type text/html;
## http vhosts
include conf.d/http/*.conf;
}

26
.docker/.conf/nginx/snippets/fastcgi.conf Normal file
View File

@@ -0,0 +1,26 @@
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param REQUEST_SCHEME $scheme;
fastcgi_param HTTPS $https if_not_empty;
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param REDIRECT_STATUS 200;

48
.docker/.conf/nginx/snippets/mime-types.conf Normal file
View File

@@ -0,0 +1,48 @@
types {
text/html html htm shtml;
text/css css;
text/xml xml rss;
image/gif gif;
image/jpeg jpeg jpg;
application/x-javascript js;
text/plain txt;
text/x-component htc;
text/mathml mml;
image/png png;
image/x-icon ico;
image/x-jng jng;
image/vnd.wap.wbmp wbmp;
application/java-archive jar war ear;
application/mac-binhex40 hqx;
application/pdf pdf;
application/x-cocoa cco;
application/x-java-archive-diff jardiff;
application/x-java-jnlp-file jnlp;
application/x-makeself run;
application/x-perl pl pm;
application/x-pilot prc pdb;
application/x-rar-compressed rar;
application/x-redhat-package-manager rpm;
application/x-sea sea;
application/x-shockwave-flash swf;
application/x-stuffit sit;
application/x-tcl tcl tk;
application/x-x509-ca-cert der pem crt;
application/x-xpinstall xpi;
application/zip zip;
application/octet-stream deb;
application/octet-stream bin exe dll;
application/octet-stream dmg;
application/octet-stream eot;
application/octet-stream iso img;
application/octet-stream msi msp msm;
audio/mpeg mp3;
audio/x-realaudio ra;
video/mpeg mpeg mpg;
video/quicktime mov;
video/x-flv flv;
video/x-msvideo avi;
video/x-ms-wmv wmv;
video/x-ms-asf asx asf;
video/x-mng mng;
}

10
.docker/.conf/nginx/snippets/proxy.conf Normal file
View File

@@ -0,0 +1,10 @@
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
client_max_body_size 10m;
client_body_buffer_size 128k;
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_buffers 32 4k;

17
.docker/.conf/nginx/snippets/scgi.conf Normal file
View File

@@ -0,0 +1,17 @@
scgi_param REQUEST_METHOD $request_method;
scgi_param REQUEST_URI $request_uri;
scgi_param QUERY_STRING $query_string;
scgi_param CONTENT_TYPE $content_type;
scgi_param DOCUMENT_URI $document_uri;
scgi_param DOCUMENT_ROOT $document_root;
scgi_param SCGI 1;
scgi_param SERVER_PROTOCOL $server_protocol;
scgi_param REQUEST_SCHEME $scheme;
scgi_param HTTPS $https if_not_empty;
scgi_param REMOTE_ADDR $remote_addr;
scgi_param REMOTE_PORT $remote_port;
scgi_param SERVER_PORT $server_port;
scgi_param SERVER_NAME $server_name;

17
.docker/.conf/nginx/snippets/uwsgi.conf Normal file
View File

@@ -0,0 +1,17 @@
uwsgi_param QUERY_STRING $query_string;
uwsgi_param REQUEST_METHOD $request_method;
uwsgi_param CONTENT_TYPE $content_type;
uwsgi_param CONTENT_LENGTH $content_length;
uwsgi_param REQUEST_URI $request_uri;
uwsgi_param PATH_INFO $document_uri;
uwsgi_param DOCUMENT_ROOT $document_root;
uwsgi_param SERVER_PROTOCOL $server_protocol;
uwsgi_param REQUEST_SCHEME $scheme;
uwsgi_param HTTPS $https if_not_empty;
uwsgi_param REMOTE_ADDR $remote_addr;
uwsgi_param REMOTE_PORT $remote_port;
uwsgi_param SERVER_PORT $server_port;
uwsgi_param SERVER_NAME $server_name;

15
.docker/.conf/supervisor/supervisord.conf Normal file
View File

@@ -0,0 +1,15 @@
[supervisord]
nodaemon=true
logfile=/dev/null
logfile_maxbytes=0
pidfile=/run/supervisord.pid
[program:nginx]
command=nginx -g 'daemon off;'
stdout_logfile=/dev/stdout
stdout_logfile_maxbytes=0
stderr_logfile=/dev/stderr
stderr_logfile_maxbytes=0
autorestart=true
startretries=3

15
.docker/Dockerfile Normal file
View File

@@ -0,0 +1,15 @@
####
##
## Build a docker image out of the static html book generated by mdbook.
## Used by automation. Can be built manually for testing.
##
####
FROM alpine:3.17
RUN apk add nginx supervisor
RUN mkdir -p /var/www
RUN rm -rf /etc/nginx
COPY build /var/www/build
COPY .conf/nginx /etc/nginx
COPY .conf/supervisor/supervisord.conf /etc/supervisor/conf.d/supervisord.conf
CMD ["/usr/bin/supervisord", "-c", "/etc/supervisor/conf.d/supervisord.conf"]
EXPOSE 80

151
.gitea/workflows/deploy.yml
View File

@@ -7,11 +7,11 @@ on:
# - "templates/**" # - "templates/**"
branches: branches:
- "master" - "master"
- "gdb.lgbtqi.app-production" - "ci-testing"
jobs: jobs:
job1: job1:
name: Build static site, docker image, upload artifact... name: Build static site.
runs-on: catthehacker-ubuntu runs-on: catthehacker-ubuntu
steps: steps:
- -
@@ -21,48 +21,18 @@ jobs:
- -
name: Checkout the git repo... name: Checkout the git repo...
uses: actions/checkout@v3 uses: actions/checkout@v3
with:
ref: master
-
name: Set up docker buildx...
uses: docker/setup-buildx-action@v3
-
name: Login to gitea registry
uses: docker/login-action@v3
with:
registry: gitea.raer.me
username: ${{ secrets.PRODUCTION_REGISTRY_USERNAME }}
password: ${{ secrets.PRODUCTION_REGISTRY_TOKEN }}
- -
name: Install required system packages... name: Install required system packages...
run: | run: |
export DEBIAN_FRONTEND=noninteractive export DEBIAN_FRONTEND=noninteractive
apt update apt update
apt upgrade -y apt upgrade -y
apt install -y curl tar p7zip-full graphicsmagick apt install -y curl graphicsmagick
- -
name: Use Node.js ${{ matrix.node-version }} name: Use Node.js ${{ matrix.node-version }}
uses: actions/setup-node@v2 uses: actions/setup-node@v2
with: with:
node-version: '14' node-version: '14'
cache: 'npm'
-
name: Restore node_modules cache
uses: actions/cache@v2
with:
path: node_modules
key: ${{ runner.os }}-node_modules-${{ hashFiles('**/package-lock.json') }}
restore-keys: |
${{ runner.os }}-node_modules
-
name: Restore Asset Cache
uses: actions/cache@v2
with:
key: if-cache
path: |
./if-cache/*
./if-cache.json
./twitter-cache.json
- -
name: Install node dependencies name: Install node dependencies
run: npm ci run: npm ci
@@ -72,73 +42,58 @@ jobs:
- -
name: Build site name: Build site
run: npm run build run: npm run build
-
name: Create artifact...
run: 7z a -mx=9 ./artifact.7z dist
- -
name: Upload artifact... name: Upload artifact...
uses: actions/upload-artifact@v3 uses: actions/upload-artifact@v4
with: with:
name: artifact_${{ steps.date.outputs.date }} name: build_artifact
path: ./artifact.7z path: dist
retention-days: 7 retention-days: 7
- # job2:
uses: actions/checkout@v4 # needs: job1
with: # name: Connect to deployment host, update, and redeploy docs website.
ref: gdb.lgbtqi.app-production # runs-on: ubuntu-latest
- # steps:
name: Build and push docker image to gitea package store # -
uses: docker/build-push-action@v5 # name: Install required system packages...
with: # run: |
context: . # export DEBIAN_FRONTEND=noninteractive
push: true # apt update
platforms: linux/amd64 # apt upgrade -y
tags: gitea.raer.me/${{ gitea.repository }}:${{ gitea.ref_name }} # apt install -y iputils-ping
job2: # -
needs: job1 # name: Configure SSH...
name: Connect to deployment host, update, and redeploy docs website. # env:
runs-on: ubuntu-latest # SSH_USER: ${{ secrets.PRODUCTION_SSH_USER }}
steps: # SSH_KEY: ${{ secrets.PRODUCTION_SSH_KEY }}
- # SSH_HOST: ${{ secrets.PRODUCTION_SSH_HOST }}
name: Install required system packages... # run: |
run: | # mkdir -p ~/.ssh/
export DEBIAN_FRONTEND=noninteractive # echo "$SSH_KEY" > ~/.ssh/staging.key
apt update # chmod 600 ~/.ssh/staging.key
apt upgrade -y # cat >> ~/.ssh/config <<END
apt install -y iputils-ping # Host staging
- # HostName $SSH_HOST
name: Configure SSH... # User $SSH_USER
env: # IdentityFile ~/.ssh/staging.key
SSH_USER: ${{ secrets.PRODUCTION_SSH_USER }} # StrictHostKeyChecking no
SSH_KEY: ${{ secrets.PRODUCTION_SSH_KEY }} # END
SSH_HOST: ${{ secrets.PRODUCTION_SSH_HOST }} # cat ~/.ssh/config
run: | # -
mkdir -p ~/.ssh/ # name: Test SSH Host...
echo "$SSH_KEY" > ~/.ssh/staging.key # env:
chmod 600 ~/.ssh/staging.key # SSH_HOST: ${{ secrets.PRODUCTION_SSH_HOST }}
cat >> ~/.ssh/config <<END # run: |
Host staging # ping -c 3 $SSH_HOST
HostName $SSH_HOST # ssh staging 'ls'
User $SSH_USER # -
IdentityFile ~/.ssh/staging.key # name: Pull new image and redeploy...
StrictHostKeyChecking no # run: |
END # ssh staging '\
cat ~/.ssh/config # echo "${{ secrets.PRODUCTION_REGISTRY_TOKEN }}" | docker login --password-stdin --username ${{ secrets.PRODUCTION_REGISTRY_USERNAME }} gitea.raer.me; \
- # docker stop gdb.lgbtqi.app; \
name: Test SSH Host... # docker rm gdb.lgbtqi.app; \
env: # docker pull gitea.raer.me/${{ gitea.repository }}:${{ gitea.ref_name }}; \
SSH_HOST: ${{ secrets.PRODUCTION_SSH_HOST }} # docker run -d --name gdb.lgbtqi.app -p ${{ secrets.PRODUCTION_DEPLOYMENT_HOST }}:4100:80 gitea.raer.me/${{ gitea.repository }}:${{ gitea.ref_name }}; \
run: | # docker logout gitea.raer.me;'
ping -c 3 $SSH_HOST
ssh staging 'ls'
-
name: Pull new image and redeploy...
run: |
ssh staging '\
echo "${{ secrets.PRODUCTION_REGISTRY_TOKEN }}" | docker login --password-stdin --username ${{ secrets.PRODUCTION_REGISTRY_USERNAME }} gitea.raer.me; \
docker stop gdb.lgbtqi.app; \
docker rm gdb.lgbtqi.app; \
docker pull gitea.raer.me/${{ gitea.repository }}:${{ gitea.ref_name }}; \
docker run -d --name gdb.lgbtqi.app -p ${{ secrets.PRODUCTION_DEPLOYMENT_HOST }}:4100:80 gitea.raer.me/${{ gitea.repository }}:${{ gitea.ref_name }}; \
docker logout gitea.raer.me;'

3
.github/FUNDING.yml vendored
View File

@@ -1,3 +0,0 @@
github: Twipped
ko-fi: curvyandtrans
patreon: curvyandtrans

11
.github/dependabot.yml vendored
View File

@@ -1,11 +0,0 @@
# To get started with Dependabot version updates, you'll need to specify which
# package ecosystems to update and where the package manifests are located.
# Please see the documentation for all configuration options:
# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
version: 2
updates:
- package-ecosystem: "" # See documentation for possible values
directory: "/" # Location of package manifests
schedule:
interval: "weekly"

108
.github/workflows/build.yml vendored
View File

@@ -1,108 +0,0 @@
name: Ensure Site Builds Cleanly
on:
push:
branches: [ master ]
jobs:
build-site:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Install GraphicsMagick
run: sudo apt install graphicsmagick
- name: Install Chrome
run: |
wget https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb
sudo apt install ./google-chrome-stable_current_amd64.deb
- name: Use Node.js ${{ matrix.node-version }}
uses: actions/setup-node@v2
with:
node-version: '14'
cache: 'npm'
- name: Restore node_modules cache
uses: actions/cache@v2
with:
path: node_modules
key: ${{ runner.os }}-node_modules-${{ hashFiles('**/package-lock.json') }}
restore-keys: |
${{ runner.os }}-node_modules
- name: Restore Asset Cache
uses: actions/cache@v2
with:
key: if-cache
path: |
./if-cache/*
./if-cache.json
./twitter-cache.json
- name: Install node dependencies
run: npm ci
- name: Lint JS code
run: npm test
- name: Build site
run: npm run build
- name: (EN) Generate PDF from HTML
run: |
google-chrome --headless --print-to-pdf-no-header \
--run-all-compositor-stages-before-draw --print-to-pdf="${{ github.workspace }}/dist/en.pdf" \
http://127.0.0.1:8080/en/printable/index.html
- name: (ZH) Generate PDF from HTML
run: |
google-chrome --headless --print-to-pdf-no-header \
--run-all-compositor-stages-before-draw --print-to-pdf="${{ github.workspace }}/dist/zh.pdf" \
http://127.0.0.1:8080/zh/printable/index.html
- name: (DE) Generate PDF from HTML
run: |
google-chrome --headless --print-to-pdf-no-header \
--run-all-compositor-stages-before-draw --print-to-pdf="${{ github.workspace }}/dist/de.pdf" \
http://127.0.0.1:8080/de/druckbar/index.html
- name: (HU) Generate PDF from HTML
run: |
google-chrome --headless --print-to-pdf-no-header \
--run-all-compositor-stages-before-draw --print-to-pdf="${{ github.workspace }}/dist/hu.pdf" \
http://127.0.0.1:8080/hu/nyomtathato/index.html
- name: (PL) Generate PDF from HTML
run: |
google-chrome --headless --print-to-pdf-no-header \
--run-all-compositor-stages-before-draw --print-to-pdf="${{ github.workspace }}/dist/pl.pdf" \
http://127.0.0.1:8080/pl/do-druku/index.html
- name: (PT) Generate PDF from HTML
run: |
google-chrome --headless --print-to-pdf-no-header \
--run-all-compositor-stages-before-draw --print-to-pdf="${{ github.workspace }}/dist/pt.pdf" \
http://127.0.0.1:8080/pt/imprimivel/index.html
- name: (FR) Generate PDF from HTML
run: |
google-chrome --headless --print-to-pdf-no-header \
--run-all-compositor-stages-before-draw --print-to-pdf="${{ github.workspace }}/dist/fr.pdf" \
http://127.0.0.1:8080/fr/a-imprimer/index.html
- name: (NL) Generate PDF from HTML
run: |
google-chrome --headless --print-to-pdf-no-header \
--run-all-compositor-stages-before-draw --print-to-pdf="${{ github.workspace }}/dist/nl.pdf" \
http://127.0.0.1:8080/nl/afdrukbaar/index.html
- name: List dist
run: ls -la ${{ github.workspace }}/dist
- name: Upload PDFs
uses: actions/upload-artifact@v3
with:
name: site-pdfs
path: |
${{ github.workspace }}/dist/**.pdf